Joint Release
Board of Governors of the Federal Reserve System
Federal Deposit Insurance Corporation
Federal Trade Commission
National Credit Union Administration
Office of the Comptroller of the Currency
Office of Thrift Supervision
For immediate release October 31, 2007
Agencies Issue Final Rules on Identity Theft Red Flags
and Notices of Address Discrepancy
WASHINGTON – The federal financial institution regulatory agencies and the Federal
Trade Commission have sent to the Federal Register for publication final rules on
identity theft "red flags" and address discrepancies. The final rules implement sections
114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
According to a report of the President's Identity Theft Task Force, identity theft (a fraud
attempted or committed using identifying information of another person without
authority), results in billions of dollars in losses each year to individuals and businesses.
The final rules require each financial institution and creditor that holds any consumer
account, or other account for which there is a reasonably foreseeable risk of identity
theft, to develop and implement an Identity Theft Prevention Program (Program) for
combating identity theft in connection with new and existing accounts. The Program
must include reasonable policies and procedures for detecting, preventing, and
mitigating identity theft and enable a financial institution or creditor to:
• Identify relevant patterns, practices, and specific forms of activity that are "red
flags" signaling possible identity theft and incorporate those red flags into the
Program;
• Detect red flags that have been incorporated into the Program;
• Respond appropriately to any red flags that are detected to prevent and mitigate
identity theft; and
• Ensure the Program is updated periodically to reflect changes in risks from identity
theft.
The agencies also issued guidelines to assist financial institutions and creditors in
developing and implementing a Program, including a supplement that provides
examples of red flags.
The final rules also require credit and debit card issuers to develop policies and
procedures to assess the validity of a request for a change of address that is followed
closely by a request for an additional or replacement card. In addition, the final rules
require users of consumer reports to develop reasonable policies and procedures to
Board of Governors of the Federal Reserve System
Federal Deposit Insurance Corporation
Federal Trade Commission
National Credit Union Administration
Office of the Comptroller of the Currency
Office of Thrift Supervision
For immediate release October 31, 2007
Agencies Issue Final Rules on Identity Theft Red Flags
and Notices of Address Discrepancy
WASHINGTON – The federal financial institution regulatory agencies and the Federal
Trade Commission have sent to the Federal Register for publication final rules on
identity theft "red flags" and address discrepancies. The final rules implement sections
114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
According to a report of the President's Identity Theft Task Force, identity theft (a fraud
attempted or committed using identifying information of another person without
authority), results in billions of dollars in losses each year to individuals and businesses.
The final rules require each financial institution and creditor that holds any consumer
account, or other account for which there is a reasonably foreseeable risk of identity
theft, to develop and implement an Identity Theft Prevention Program (Program) for
combating identity theft in connection with new and existing accounts. The Program
must include reasonable policies and procedures for detecting, preventing, and
mitigating identity theft and enable a financial institution or creditor to:
• Identify relevant patterns, practices, and specific forms of activity that are "red
flags" signaling possible identity theft and incorporate those red flags into the
Program;
• Detect red flags that have been incorporated into the Program;
• Respond appropriately to any red flags that are detected to prevent and mitigate
identity theft; and
• Ensure the Program is updated periodically to reflect changes in risks from identity
theft.
The agencies also issued guidelines to assist financial institutions and creditors in
developing and implementing a Program, including a supplement that provides
examples of red flags.
The final rules also require credit and debit card issuers to develop policies and
procedures to assess the validity of a request for a change of address that is followed
closely by a request for an additional or replacement card. In addition, the final rules
require users of consumer reports to develop reasonable policies and procedures to
apply when they receive a notice of address discrepancy from a consumer reporting
agency.
The attached final rulemaking is issued by the Board of Governors of the Federal
Reserve System, the Federal Deposit Insurance Corporation, the Federal Trade
Commission, the National Credit Union Administration, the Office of the Comptroller of
the Currency, and the Office of Thrift Supervision. The final rules are effective on
January 1, 2008. Covered financial institutions and creditors must comply with the rules
by November 1, 2008.
The final rules are attached and will be published shortly.
# # #
Attachment:
Interagency Final Rule Regarding Identity Theft Red Flags and Address Discrepancies
under Section 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 -
PDF 386k( PDF Help )
Media Contacts:
Federal Reserve Susan Stawick 202-452-2955
FDIC David Barr 202-898-6992
OCC Bryan Hubbard 202-874-5770
OTS William Ruberry 202-906-6677
NCUA Cherie Umbel 703-518-6330
FTC Frank Dorman 202-326-2674
FDIC: PR-89-2007
agency.
The attached final rulemaking is issued by the Board of Governors of the Federal
Reserve System, the Federal Deposit Insurance Corporation, the Federal Trade
Commission, the National Credit Union Administration, the Office of the Comptroller of
the Currency, and the Office of Thrift Supervision. The final rules are effective on
January 1, 2008. Covered financial institutions and creditors must comply with the rules
by November 1, 2008.
The final rules are attached and will be published shortly.
# # #
Attachment:
Interagency Final Rule Regarding Identity Theft Red Flags and Address Discrepancies
under Section 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 -
PDF 386k( PDF Help )
Media Contacts:
Federal Reserve Susan Stawick 202-452-2955
FDIC David Barr 202-898-6992
OCC Bryan Hubbard 202-874-5770
OTS William Ruberry 202-906-6677
NCUA Cherie Umbel 703-518-6330
FTC Frank Dorman 202-326-2674
FDIC: PR-89-2007